But it's not two layers. It's the same layer, just split into two.

Using similar examples to earlier if you have a password

12345678

To crack it, you have to guess a sequence of 8 numbers.

Alternatively, if you had two passwords:

1234 and 5678

Then you still have to figure out 8 numbers but it happens
to be split into two pairs. The probability is the same. In
either case, making the passwords longer makes the
password(s) stronger, but assuming the same number
of digits, it's the same number of permutations.

It only becomes two layers if the data is submitted in a
different way, or from a different source or with a different token,
not when the two parts are of identical type/source.

Chip + PIN on your cashcard is two layer, for example.

Churchill wrote: if the default user name was changeable then the potential chances of being attacked would be less.....I think? So more of a deterrent ?

Having a changeable username (let's say 'Fred') would make it more secure, but so would adding 'Fred' to the beginning of the password.

The code in the router is still just checking 'n' characters entering into a browser dialogue box.